In a strange turn of events, it has emerged that the FBI had managed to get hold of REvil’s universal ransomware decryptor key three weeks before sharing it with victims.
Although the agency has not officially confirmed the claims, an anonymous source told the Washington Post (WP) that the FBI withheld the keys so as to not tip off REvil.
“The questions we ask each time are: What would be the value of a key if disclosed? How many victims are there? Who could be helped? And on the flip side, what would be the value of a potential longer-term operation in disrupting an ecosystem? Those are the questions we will continue to have to balance,” reasoned the unnamed source.
It appears the FBI was gearing up to launch a campaign to take down the notorious ransomware. However, before the agency could make a move, REvil pulled the plug on its operations of its own accord.
My precious
The reports come after cybersecurity firm Bitdefender recently released a universal decryptor for REvil victims, claiming to have made it together with a “trusted law enforcement partner” that it failed to identify.
Interestingly, the existence of a universal decryptor was first shared by a REvil representative, after the gang suddenly decided to get back into action after staying offline for nearly two months.
“One of our coders misclicked and generated a universal key, and issued the universal decryptor key along with a bunch of keys for one machine,” wrote REvil’s new representative in a Russian-language post translated by security researchers at Flashpoint.
Flashpoint researchers have observed REvil trying to rebuild its reputation with former collaborators, who weren’t pleased with their sudden disappearance, prompting security researchers to urge clients to brace for a new round of REvil attacks.
Via Washington Post